Configuration system and methods including configuration inheritance and revisioning

Abstract

A system includes a security management system for a plurality of managed products. The security management system stores configuration data for managed products and managed nodes in a directory. Configuration data is stored in the directory in the form of configuration objects and setting objects. A revision history of a configuration object and/or a setting object can be maintained. Inheritance between configuration objects is supported so that a configuration inheritance chain is available. To determine an effective configuration at a point in time, a parent-child inheritance merge process is used. To assist the parent-child inheritance process, name attributes and collision resolution mode attributes are used.

Description

BACKGROUND OF THE INVENTION[0001]1. Field of the Invention[0002]The present invention relates generally to managing applications on a computer network, and more particularly to managing applications on a computer network using configuration inheritance and revisioning.[0003]2. Description of Related Art[0004]Multi-vendor security services and products typically provide network security. Each security service and product typically must be configured and reconfigured to maintain network security. Typically, each vendor for a security service and product utilizes various settings to establish a configuration. Some of these settings may be established at the time a product is installed. A user, a group, or update features of the product may establish other settings.[0005]Unfortunately, it is difficult, if not impossible, for a network security administrator to know the configuration of each product, each device, at the various tiers that exist on the network at a given moment in time. C...

AI Technical Summary

Benefits of technology

[0019]Still yet another method includes generating an effective configuration for a managed product from a configuration inheritance chain. The generating an effective configuration includes getting a mark-up language string for a most-derived configuration object. The generating an effective configuration further includes converting the mark-up language string for the most-derived configuration object to a derived tree structure having nodes. A plurality of nodes in the derived tree structure includes collision detection names.

[0020]The generating an effective configuration also includes getting a mark-up languag

Problems solved by technology

Unfortunately, it is difficult, if not impossible, for a network security administrator to know the configuration of each product, each device, at the various tiers that exist on the network at a given moment in time.

Consequently, monitoring and changing configurations in view of a security threat is a time consuming and difficult task.

While there may be a well-defined security policy, assuring the policy is properly implemented at all times on the network is difficult.

Consequently, it is unclear what must be done to implement the security policy.

This problem is exacerbated because there

Images